Can I use a Tor browser session and a regular Firefox session side by side without corrupting the security of the Tor session?

E.g. when I download a new Eclipse version or when I'm searching for code snippets I think the NSA won't find out more than if I'm a mediocre programmer or not. But for more sensitive searches like insurances, I don't want my surfing as unsecured. So it would be nice if I could keep both programs open and switch when needed.

4 Answers
4

Yes, you can use both a browser with a direct connection to the internet and a browser that uses the Tor proxy to access the internet (such as the Tor Browser Bundle), and still have the anonymity benefits of Tor when using the right browser.

There are two risks I am aware of. First and most significantly: modification of pages you are viewing to expose your identity if your sensitive browser holds identifying cookies. Secondly you need to be careful to avoid helping passive attackers carry out timing attacks.

Cookie Extraction

Schneier believes the NSA's QUANTUMCOOKIE program may modify a (sensitive) page you are viewing over Tor, to inject a part of another website that will trigger your browser to send identifying cookies:

"My guess is that the NSA uses frame injection to surreptitiously force anonymous users to visit common sites like Google and Facebook and reveal their identifying cookies."

They could do this through compromising / owning the exit node, or one of their other internet-scale programs to modify traffic between the exit node and the intended server.

Of course, this highlights a generic attack that isn't limited to the NSA.

It's not completely clear from the question whether you would be exposed to this, but the best mitigation would be to never use your sensitive browser for purposes that could identify you, and ensure it doesn't store cookies over sessions. To be specific: use a unique browser profile (or TBB install) for each identity you wish to have, and don't mix them. In the simple case of sensitive vs unsensitive, use a single browser for sensitive use only, and another for unsensitive, potentially identifying use. Both browsers can be used at the same time, provided you don't mix what you use them for.

Timing Attacks

If your browsing on the directly connected browser is related to your browsing over Tor, that could assist an adversary in carrying out timing-based confirmation attacks.

For example, you're at an internet cafe with your Tails distro, and busy chatting anonymously over Tor to a reporter at the Guardian, whilst at the same time browsing outside of Tor the Guardian's coverage of your previous story and researching asylum in Ecuador... the government agency notices your interesting non-private browsing and the fact that you are using Tor, and can make some intelligent deductions about what end points you might be communicating with.

Having dramatically narrowed down the possible end points you might be communicating with from "the internet" to "places of interest to people with a reason to flee to Ecuador and interest in The Guardian", their confirmation job becomes quite a lot simpler.

Of course, if you're looking at something with wider appeal over a direct connection whilst doing your sensitive browsing over Tor, then whilst you arouse suspicion for using Tor, your well-resourced adversary doesn't have a lot more to go on, so carrying out confirmation attacks will be a lot more expensive for them.

Summary

Have a unique browser per identity you want to be kept separate, keep anything remotely related to an identity within the right browser. Oh, and don't accidentally copy and paste a URL / search term / email into the wrong browser.

Lucas' answer rightly points out that if the NSA or equivalently well funded adversary is specifically trying to track your activities as a high priority target, and not just blanket monitoring all Tor users, for example, then this question is fairly moot.

Yes you can run them side by side and not corrupt the security. This is because your Tor browser will send everything through a Tor proxy (including DNS requests) and your normal browser won't. Do mind that:

If the NSA really would like to know what you are doing, then they will find a way: bug your house, target your computer with malware, ...

The only thing that anyone should learn from that XKCD comic is that you should improve your physical security as well in the face of a serious adversary.
– Darius Jahandarie, Jul 2 '13 at 23:10

@Lucas-Kauffmann Perfect answer, but I have to admit that the cartoon was the thing that tipped off my +1. #SoTrue
– e-sushi, Jul 3 '13 at 17:17

Re the XKCD comic, you could create "nuke.sh" containing "head -c 1052672 /dev/urandom > /dev/sdb1; sync". Always have a terminal open. Run "./nuke.sh" and hit Ctrl-Alt-Del, and there would be no password to tell. If you were very paranoid, and had a solid UPS, you could nuke the LUKS header right after bootup. But then you'd need to have a hidden backup, and remember to restore before shutting down.
– mirimir, Dec 16 '13 at 4:37

Using a Tor-optimized browser and a regular browser simultaneously on the same machine is extremely unwise. Michael notes two risks: 1) "modification of pages you are viewing to expose your identity if your sensitive browser holds identifying cookies"; and 2) "passive attackers [who] carry out timing attacks".

There are at least two additional risks: 1) human error; and 2) browser exploits and malware. Let's say that you've installed the latest Tor Browser Bundle. Using the TBB browser, you're accessing the Internet via Tor's SOCKS5 proxy at 127.0.0.1:9050. You can open Firefox, and access the Internet directly, with no proxy. If you accidentally use Firefox for something that's associated with your "anonymous" activity using the TBB browser, you're potentially hosed.

In one of the NSA presentations leaked by Edward Snowden, Tor is characterized as the “king of high-secure, low-latency anonymity”. According to a Washington Post FAQ: "So while hacking the core Tor network has proven difficult, hacking a Tor user's browser is easier." In other leaked documents, the NSA claims to have many browser zero-days. I'm sure that other players, some far more hostile, have their own. Maybe they trade ;)

If you're compromised while using the TBB, an adversary may compromise the Tor client, and so determine your ISP-assigned IP address. A less-skilled adversary might just drop malware that "phones home" when it sees that Tor isn't running.

In light of such threats, it is unwise to run both the Tor software and user applications on the same machine. Best practice is running Tor on dedicated router/firewall hardware, and the TBB browser on an attached workstation. If that's unworkable, networking and apps should at least be isolated on separate virtual machines (VMs). Whonix is a very user-friendly implementation. Qubes is undoubtedly more secure, but requires dedicated hardware.

Yet one more threat: if a user enables the Flash plugin, then he can be identified via Flash cookies. I have never tried to enable Flash in a Tor browser, but it seems that there is such a possibility.
– user907860, Nov 4 '14 at 16:00
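The answers above rest on three properties of the sensitive browser: it sends traffic through the Tor SOCKS proxy at 127.0.0.1:9050, it resolves DNS through that proxy, and it does not keep cookies across sessions. The following is an added example, not code from any of the posters or from the Tor Project, that audits the text of a Firefox profile's `prefs.js` for those properties; the sample profiles are constructed, and treating permanent private browsing as the evidence for "no persistent cookies" is an assumption of this example.

```python
import re

# Constructed sample prefs.js contents (not taken from a real profile).
SENSITIVE_PREFS = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_remote_dns", true);
user_pref("browser.privatebrowsing.autostart", true);
'''
LEAKY_PREFS = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_remote_dns", false);
'''

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Parse user_pref("name", value); lines into a dict of bool/str/int."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.startswith('"'):
            prefs[name] = raw.strip('"')
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw  # keep unparsed values as text
    return prefs

def audit_sensitive_profile(text, socks_host="127.0.0.1", socks_port=9050):
    """Return a list of findings; an empty list means all checks passed.
    A pref missing from prefs.js is treated as not set (conservative)."""
    p = parse_prefs(text)
    findings = []
    if p.get("network.proxy.type") != 1:  # 1 = manual proxy configuration
        findings.append("proxy not set to manual: traffic may go out directly")
    if (p.get("network.proxy.socks"), p.get("network.proxy.socks_port")) != (socks_host, socks_port):
        findings.append("SOCKS host/port does not match the Tor proxy")
    if p.get("network.proxy.socks_remote_dns") is not True:
        findings.append("DNS is resolved locally, outside the proxy")
    if p.get("browser.privatebrowsing.autostart") is not True:
        findings.append("cookies may persist across sessions")
    return findings
```

Running `audit_sensitive_profile` on the contents of the regular browser's `prefs.js` should report findings; the point is that the sensitive profile reports none.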

There is one risk that hasn't been mentioned here yet: when you're having both Tor Browser and a different browser open, you may accidentally confuse them and either enter identifying information in Tor Browser or perform activities which you wanted not to have tracked back to you in the other browser.

There is no great technical risk, but you'll have to keep your activities over Tor and your regular browsing completely separated. If you do both at the same time, you increase the chance you'll make a mistake one day. Remember, it takes just one error on your side to get caught.

(Of course, if you're not a dissident in a country with an oppressive regime or some kind of criminal, but simply a law-obeying citizen who thinks his browsing habits are none of the government's business, this is less of a concern.)